Industroyer Analysis

IOB - Indicator of Behavior (168)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

zh: 96
en: 60
de: 10
fr: 2

Country

us: 92
ch: 36
cn: 34
lu: 2
ru: 2

Actors

Activities

Interest

Timeline

Type

Vendor

Product

phpMyAdmin: 6
Zoho ManageEngine ManageEngine OpManager: 4
Linux Kernel: 4
Juniper Junos OS: 4
Adobe Acrobat Reader: 4

Vulnerabilities

# | Vulnerability | Base (CVSS) | Temp (CVSS) | 0day price | Today price | Exploitability | Remediation | EPSS | CTI | CVE
1 | Zend Framework SQL Statement order sql injection | 7.3 | 6.6 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00000 | 0.04 | 
2 | Backdoor.Win32.Tiny.c Service Port 7778 backdoor | 7.3 | 6.4 | $0-$5k | $0-$5k | Proof-of-Concept | Workaround | 0.00000 | 0.00 | 
3 | phpLDAPadmin LDAP injection ldap injection | 8.5 | 7.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.02980 | 0.00 | CVE-2018-12689
4 | adminlte cookie httponly flag | 5.5 | 5.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00176 | 0.03 | CVE-2021-3706
5 | Oracle Primavera Unifier Document Manager information disclosure | 7.2 | 7.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00367 | 0.05 | CVE-2023-44981
6 | OPNsense Login Page redirect | 5.5 | 5.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00179 | 0.04 | CVE-2020-23015
7 | jc21 NGINX Proxy Manager Access List os command injection | 5.5 | 5.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02091 | 0.00 | CVE-2023-23596
8 | Cacti LDAP improper authentication | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00447 | 0.04 | CVE-2022-0730
9 | ISPConfig sql injection | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00152 | 0.00 | CVE-2021-3021
10 | Linux Kernel NILFS File System inode.c security_inode_alloc use after free | 8.3 | 8.1 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.00042 | 0.00 | CVE-2022-2978
11 | phpMyAdmin Two-factor Authentication improper authentication | 6.3 | 6.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00054 | 0.04 | CVE-2022-23807
12 | DSpace path traversal | 7.0 | 6.8 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00288 | 0.00 | CVE-2016-10726
13 | RouterOS Upgrade Package code download | 7.4 | 7.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00176 | 0.00 | CVE-2019-3977
14 | WP Statistics Plugin class-wp-statistics-hits.php sql injection | 8.5 | 8.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.32625 | 0.00 | CVE-2022-0651
15 | Crow HTTP Pipelining use after free | 8.5 | 8.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00791 | 0.00 | CVE-2022-38667
16 | mySCADA myPRO command injection | 9.2 | 9.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00105 | 0.03 | CVE-2022-2234
17 | GNU Bash Environment Variable variables.c Shellshock os command injection | 9.8 | 9.6 | $25k-$100k | $0-$5k | High | Official Fix | 0.97559 | 0.09 | CVE-2014-6271
18 | Microsoft Windows Remote Desktop Client Remote Code Execution | 8.8 | 7.7 | $100k and more | $5k-$25k | Unproven | Official Fix | 0.05252 | 0.04 | CVE-2021-38666
19 | MailGates/MailAudit command injection | 8.8 | 8.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00162 | 0.00 | CVE-2020-25849
20 | Juniper Junos OS J-Web input validation | 7.8 | 7.5 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00044 | 0.00 | CVE-2021-0278


IOC - Indicator of Compromise (7)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (18)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (65)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /cgi-bin/supervisor/PwdGrp.cgi | predictive | High
2 | File | /CMD_SELECT_USERS | predictive | High
3 | File | /dashboard/updatelogo.php | predictive | High
4 | File | /dcim/sites/add/ | predictive | High
5 | File | /enginemanager/server/user/delete.htm | predictive | High
6 | File | /etc/openshift/server_priv.pem | predictive | High
7 | File | /forum/away.php | predictive | High
8 | File | /goform/delAd | predictive | High
9 | File | /xxxxx.xxx | predictive | Medium
10 | File | /xxxxxx/xxx/xxxxxxx.xxx | predictive | High
11 | File | /xxxxx-xxxxxx/xxxxx.xxx | predictive | High
12 | File | /xxxxx?xxxxxx | predictive | High
13 | File | /xxxxxx | predictive | Low
14 | File | xxxxxxx.xxx | predictive | Medium
15 | File | xxx_xxxxx.xxx | predictive | High
16 | File | xxxxxxxxxxxxxxx.xxx | predictive | High
17 | File | xxx.xxx?xxx=xxxxx_xxxx | predictive | High
18 | File | xxxx/xxxxxxxxxxxxxxxxxxxxxxxxx.xx | predictive | High
19 | File | xx.x | predictive | Low
20 | File | xxxxx.xxx | predictive | Medium
21 | File | xxxxxx.xxx | predictive | Medium
22 | File | xxxxxxxxxxxxx/xxxxxxxxxxx.xxxx | predictive | High
23 | File | xxxxxxxxxxxxx/xxxxxx/xxxxxxxxxxx/xxxx_xxx.xxx | predictive | High
24 | File | xxxx.xxx | predictive | Medium
25 | File | xxxxx.x | predictive | Low
26 | File | xxx/xxxxxxxxxxxxxxxxxxxxxxxxx.xxx | predictive | High
27 | File | xxxxx_xxxxxxx.xxx | predictive | High
28 | File | xxxx.xxx | predictive | Medium
29 | File | xxxxx.xxxx | predictive | Medium
30 | File | xxxxxx/xxxxxxxxxxx/xxxxxxxx | predictive | High
31 | File | xxxxxx/ | predictive | Low
32 | File | xxxx/xxx/xxxx-xxxxx.xxx | predictive | High
33 | File | xxxxxxxxx.x | predictive | Medium
34 | File | xxx_xxxxx.xxxx | predictive | High
35 | File | xxx/xxxxxx/xxxxxxxxxxxxx.xxx | predictive | High
36 | File | xx-xxxxx/xxxxx-xxxx.xxx | predictive | High
37 | File | ~/xxxxxxxx/xxxxx-xx-xxxxxxxxxx-xxxx.xxx | predictive | High
38 | File | ~/xxxxxxxx/xxxxx-xx-xxxxxxxxxx-xx.xxx | predictive | High
39 | File | ~/xxx/xxxxxxx/xxxxxxxxxxxxx.xxx | predictive | High
40 | Argument | xxxx | predictive | Low
41 | Argument | xxxxx | predictive | Low
42 | Argument | xxx | predictive | Low
43 | Argument | xxxxxx_xxxx_xxxxxxxx | predictive | High
44 | Argument | xxxxxxx_xxxx_xxxx | predictive | High
45 | Argument | xxx_xxxx/xxx_xxxxxxx | predictive | High
46 | Argument | xxxxxxxxxxx | predictive | Medium
47 | Argument | xx | predictive | Low
48 | Argument | xx | predictive | Low
49 | Argument | xxxx/xxx_xxxxxxxxx | predictive | High
50 | Argument | xxxxxxxx | predictive | Medium
51 | Argument | xxxxxxx | predictive | Low
52 | Argument | xxx_xx | predictive | Low
53 | Argument | xxxxxxxxxx | predictive | Medium
54 | Argument | xxxxxx | predictive | Low
55 | Argument | xxxxxx/xxxxxx_xxxxxx | predictive | High
56 | Argument | xxxxxx_xx | predictive | Medium
57 | Argument | xxx | predictive | Low
58 | Argument | xxx | predictive | Low
59 | Argument | xxxxxxxx | predictive | Medium
60 | Argument | xxxxx/xxxxx | predictive | Medium
61 | Input Value | "><xxxxxx>xxxxx(/xxx/)</xxxxxx> | predictive | High
62 | Input Value | xxxxx' xxx (xxxxxx xxxx xxxx (xxxxxx(xxxxx(x)))xxxx) xxx 'xxxx'='xxxx&xxxxxxxx=xxxxxxxxxx | predictive | High
63 | Input Value | xxx_xxx_xxxx_xxxx'"><xxxxxx>xxxxx(/xxxxx.xx/)</xxxxxx> | predictive | High
64 | Pattern | () { | predictive | Low
65 | Network Port | xxx/xxxx | predictive | Medium
